When working with Docker, everything revolves around images. In essence, upgrading your Graylog instance using Docker is a matter of updating the Graylog image and/or its dependencies: MongoDB and Elasticsearch or OpenSearch.

Prerequisites

This guide assumes you have Docker already installed and have existing images deployed on containers. In this example we will be upgrading Graylog 4.3 to 5.0. For information about the upgrade path, please see the Graylog documentation.

If you are running Windows, then you will need to do the following after installing Docker:

  1. If it is running, shut down Docker Desktop.

  2. Open a command prompt and execute the following commands:

    Copy 
    cd %userprofile%
    notepad.exe .wslconfig

  3. You will be prompted with a Yes/No dialog to create a file named .wslconfig. Select Yes.

  4. Copy and paste the following into the contents of the file:

    Copy 
    [wsl2]
    kernelCommandLine = "sysctl.vm.max_map_count=262144"

  5. Save and close the file.

  6. Execute the following command:

    Copy 
    wsl --shutdown

  7. Restart Docker Desktop.

Updating Docker Images and Containers

Let’s talk about the steps of upgrading a Docker image and a container to the version you desire. As a reminder, we will be upgrading Graylog 4.3 to 5.0 together with its dependencies, MongoDB and OpenSearch.

HintFor this scenario, we have selected OpenSearch as our data node, and OpenSearch is highly recommended for Graylog 5.0; however, you may opt to utilize Elasticsearch 7.10.2. See the upgrade notes for 5.0 for more details.

  1. Check the current image versions ("tags") using the command docker images.

  2. After getting the outdated image versions deployed on your container(s), use the docker ps command to see a list of all containers currently running on your system.

  3. Stop the container(s) the outdated images they are deployed on using the command:

    Copy 
    docker stop [container ID] e.g. docker stop 4f969a48e6748e00c547dfcefb756185

  4. Remove the container(s) with the outdated images using the command:

    Copy 
    docker rm [container ID] e.g. docker rm 4f969a48e6748e00c547dfcefb756185f2bac70b6fac805aff4bd7ab02bb6945

  5. Pull your desired image versions.

    Warning: We do not use the latest tag by default, so ensure you specify the image you want.

    Note that to upgrade to Graylog 5.0, you will also need to upgrade your MongoDB and OpenSearch images in this sequence:

    1. MongoDB

    2. OpenSearch

    3. Graylog

    In this instance, we are upgrading to Graylog 5.0 and pulling images using the following commands:

    • MongoDB: docker pull mongo:5.0.13

    • OpenSearch: docker pull opensearchproject/opensearch:2.2.0

    • Graylog Open: docker pull graylog/graylog:5.0.0

    • Graylog Operations: docker pull graylog/graylog-enterprise:5.0.0

  6. After downloading the new images, use them to recreate the containers by executing the docker-compose up -d mongors1 mongors2 mongors3 command.

    Warning: If you choose not to use the above supplied docker-compose.yml file, you must change the image value for each service in your docker-compose.yml files to reflect the tags of the newly pulled images.

  7. Copy and paste and then execute these commands one at a time to configure MongoDB for Graylog:

    docker exec -it [Mongo Container ID] /bin/bash

    sh /scripts/rs-init.sh

    mongo

  8. Now enter rs.initiate(). This is a MongoDB command that tells it to initiate the replica set. It should return: rs01:PRIMARY>.

  9. If it returns a “SECONDARY” value, then execute the previous docker command against the next MongoDB container and repeat until it returns a “PRIMARY” value.

  10. Now copy and paste the following into your terminal:

    Copy 
    use graylog;
    db.createUser(
     {
     user: "admin",
    pwd: "password",
    roles:
    [{role: "dbAdmin", db: "graylog"},
    {role: "readWrite", db: "graylog"}]
    } );

Setting Feature Compatibility

Upon upgrading the MongoDB image to 5.0.13 (or whichever version you choose), you will also need to also set the compatibility level of MongoDB following the steps below:

  1. Verify the existing compatibility level using the command:

    Copy 
    db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )

  2. In the MongoDB shell launched on the primary replica and with an administrator account, run:

    Copy 
    db.adminCommand( { setFeatureCompatibilityVersion: "5.0" } )

  3. Repeat step 2 above to confirm that the compatibility level has been set to the desired version. In this case, we want version 5.0.

  4. Quit and exit the MongoDB command shell using the commands below:

    Copy 
    quit()
    exit

  5. Now, run the docker-compose up -d --force-recreate command in your terminal.

  6. Finally, navigate to the external Graylog URI at http://127.0.0.1:9000/.